Home page logo

fulldisclosure logo Full Disclosure mailing list archives

[SECURITY] [DSA 2241-1] qemu-kvm security update
From: Moritz Muehlenhoff <jmm () debian org>
Date: Tue, 24 May 2011 23:02:40 +0200

Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2241-1                   security () debian org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 24, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu-kvm
Vulnerability  : implementation error
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-1751 

Nelson Elhage discovered that incorrect memory handling during the 
removal of ISA devices in KVM, a solution for full virtualization on
x86 hardware, could lead to denial of service of the execution of 
arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in
version 0.12.5+dfsg-5+squeeze2.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce () lists debian org
Version: GnuPG v1.4.11 (GNU/Linux)


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [SECURITY] [DSA 2241-1] qemu-kvm security update Moritz Muehlenhoff (May 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]